Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libaec-1.0.4/src/encode_accessors.c Examining data/libaec-1.0.4/src/encode.c Examining data/libaec-1.0.4/src/szlib.h Examining data/libaec-1.0.4/src/encode_accessors.h Examining data/libaec-1.0.4/src/sz_compat.c Examining data/libaec-1.0.4/src/aec.c Examining data/libaec-1.0.4/src/encode.h Examining data/libaec-1.0.4/src/decode.h Examining data/libaec-1.0.4/src/decode.c Examining data/libaec-1.0.4/src/utime.c Examining data/libaec-1.0.4/src/libaec.h Examining data/libaec-1.0.4/tests/check_code_options.c Examining data/libaec-1.0.4/tests/check_szcomp.c Examining data/libaec-1.0.4/tests/check_long_fs.c Examining data/libaec-1.0.4/tests/check_aec.h Examining data/libaec-1.0.4/tests/check_aec.c Examining data/libaec-1.0.4/tests/check_buffer_sizes.c Examining data/libaec-1.0.4/fuzzing/fuzz_target.cc FINAL RESULTS: data/libaec-1.0.4/src/utime.c:110:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[0], argv); data/libaec-1.0.4/tests/check_aec.h:31:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf(d, n, ...) _snprintf_s((d), (n), _TRUNCATE, __VA_ARGS__) data/libaec-1.0.4/tests/check_aec.h:34:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/libaec-1.0.4/tests/check_aec.h:34:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/libaec-1.0.4/src/aec.c:64:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *param = atoi(argv[*iarg]); data/libaec-1.0.4/src/aec.c:66:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *param = atoi(&argv[*iarg][2]); data/libaec-1.0.4/src/aec.c:171:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((infp = fopen(infn, "rb")) == NULL) { data/libaec-1.0.4/src/aec.c:175:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((outfp = fopen(outfn, "wb")) == NULL) { data/libaec-1.0.4/src/encode.c:469:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strm->next_out, state->cds_buf + state->i, n); data/libaec-1.0.4/src/encode_accessors.c:202:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strm->state->data_raw, \ data/libaec-1.0.4/src/sz_compat.c:119:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)dest + j, (char *)src + i, ls); data/libaec-1.0.4/src/sz_compat.c:126:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)dest + j + k, pixel, pixel_size); data/libaec-1.0.4/src/sz_compat.c:293:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, buf, *destLen); data/libaec-1.0.4/tests/check_aec.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fbase[1024]; data/libaec-1.0.4/tests/check_aec.c:216:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1024 + 4]; data/libaec-1.0.4/tests/check_aec.c:225:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(fname, "wb")) == NULL) { data/libaec-1.0.4/tests/check_aec.c:252:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1024 + 3]; data/libaec-1.0.4/tests/check_aec.c:255:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(fname, "wb")) == NULL) { data/libaec-1.0.4/tests/check_szcomp.c:25:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(argv[1], "rb")) == NULL) { data/libaec-1.0.4/src/aec.c:59:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[*iarg]) == 2) { ANALYSIS SUMMARY: Hits = 20 Lines analyzed = 4330 in approximately 0.30 seconds (14428 lines/second) Physical Source Lines of Code (SLOC) = 2965 Hits@level = [0] 106 [1] 1 [2] 15 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 126 [1+] 20 [2+] 19 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 42.4958 [1+] 6.74536 [2+] 6.40809 [3+] 1.34907 [4+] 1.34907 [5+] 0 Symlinks skipped = 2 (--allowlink overrides but see doc for security issue) Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.